The Data Use and Access Bill is a piece of legislation introduced by the UK government to allow for a greater level of data sharing and data exchange within both public and private sector organizations.
Introduced to parliament towards the end of 2024, the government says this bill could save millions of hours for many public sector workers as well as add an estimated £10 billion to the UK economy over a period of 10 years. The bill can be divided into seven sections according to the government, with the first centered on the enablement of “smart data” use outside the finance sector.
It would regulate the provision of digital verification services, digitalize birth and death registrations, make changes to the UK’s data protection regime, and transfer the function of the Information Commissioner’s Office (ICO) to a new Information Commission.
The bill would also make further provisions about the use of or access to data in areas such as health and social care, smart meter communication services, public service delivery, and online safety.
“With laws that help us to use data securely and effectively, this Bill will help us boost the UK’s economy, free up vital time for our front-line workers, and relieve people from unnecessary admin so that they can get on with their lives,” technology secretary Peter Kyle said at the time of the bill’s announcement.
Experts from the tech sector have broadly welcomed the legislation, commending its focus on improving efficiency. Alex Laurie, senior vice president at Ping Identity, said that any legislation of this kind is a positive step.
“From my perspective, anything that makes it easier for us to do business as a citizen is massively important,” Laurie tells ITPro. “If it takes time out of people’s working day I think it’s an important thing.”
How will the Data Use and Access Bill affect the public sector?
This legislation has the public sector at its core, with many of the bill’s benefits noted by the government relating to heightening efficiencies in the UK’s police force or the National Health Service (NHS).
Within the NHS, for example, administrative processes can be very lengthy and time consuming, having a negative impact on the organization and the customer. Laurie expressed his own understanding of this, referring to a study his firm undertook regarding disabled parking permits.
“We did an analysis a few years ago on how many agencies and individual units were involved in getting a blue badge for someone, and it was like 35 different steps, which all needed identification, verification, proof,” Laurie says.
This bill will likely hone in on a set concept of data portability, Laurie adds, which is an important step forward in speeding up these sorts of processes. Lauren Wills-Dixon, solicitor at Gordons, tells ITPro the bull will also lay out a more coherent, straightforward idea of what data can be used and for what purposes.
“The bill introduces this concept of recognized legitimate interest to give organizations certainty,” she says.
Wills-Dixon explains that it will recognize several legitimate interests including national security processing, emergency response, and safeguarding efforts.
It will also cut red tape in the public sector, according to Richard Fayers, data and analytics practice lead at Slalom, reducing the lengths that workers have to go to in recording personal data use.
How will the Data Use and Access Bill affect the private sector?
While there’s a huge opportunity in the public sector space, Fayers is keen to point out how elements of the bill – such as the smart data schemes – will likely drive innovation across the private sector landscape.
For example, he suggests the bill could introduce a greater level of openness for UK businesses and turn attention towards open standards akin to what has been seen in the finance sector with open banking. Fayers sees massive opportunities across sectors by building on this interoperability of data.
There may also be better forecasting of public demand through a pooling of company information, Fayers adds, as well as the potential for businesses to share data to offer collaborative schemes or experiences to customers. Businesses could then give customers a unified profile that works from company to company.
Bill Wright, global head of government affairs at Elastic, echoes some of these predictions for potential advantages to the private sector. The bill will allow firms in every sector to access and analyze consumer data more effectively, Wright tells ITPro.
“Simplifying the data sharing rules are going to, maybe, break down some of those silos between industries and create some opportunities for startups to compete with some of the more established players,” Wright says.
It may even increase foreign investment into the UK, Wright says finally, by showing those outside the UK that the country has a data processing environment both predictable and innovative.
What do IT leaders need to know about compliance?
As with any new piece of legislation, the data use and access bill will require some degree of reorganization from firms when it comes to ensuring compliance. That being said, Wills-Dixon predicts companies that are already compliant with GDPR don’t face serious challenges to becoming compliant with the Data Use and Access Bill.
“If you’re carrying out research, statistical use of data, or processing in the public interest and things like that, then it will help, but for most commercial organizations, your obligations are going to be very similar as drafted,” Wills-Dixon adds.
That said, Fayers warns the new Information Commission will have enhanced enforcement powers and businesses will also need to ensure they can demonstrate robust security and data governance. This will demand a greater focus on compliance certification and accountability frameworks, Fayers says.
“If you’re seen to be transparent – if you’re providing customers with assurance and visibility of how you’re managing this risk as well – that could also be seen as a benefit, whilst there’s a cost,” Fayers concludes.
